WAYMAP Changelog

The Web-Application Vulnerability Scanner

Waymap is a fast and optimized web vulnerability scanner designed to identify security flaws in web applications.

With support for multiple scan types and customizable configurations, it is a versatile tool for ethical hackers.

Waymap focuses on efficiency, simplicity, and ease of use, making it an excellent tool for both beginners and experienced security professionals.

What's new in Waymap 6.1.8? Check it out here.

Waymap covers:

Waymap Support More Than 165 WAF(Web Application Firewall)/IPS(Intrusion Prevention System) Detection Within Seconds

Vulnerability Related To Injection

• SQL Injections (Error-based, Boolean-based)
• Cross-Site Scripting (XSS)
• Local File Inclusion (LFI)
• Command Injection (CMDi)
• Server-Side Template Injection (SSTI)
• Open Redirects
• Carriage Return and Line Feed (CRLF)
• Cross-Origin Resource Sharing (CORS)

Vulnerability Scanned In Profile Deepscan

Headers Deepscan

• Missing Content-Security-Policy header
• Missing Strict-Transport-Security header
• Missing X-Frame-Options header
• Missing X-Content-Type-Options header
• Missing Referrer-Policy header
• Missing Permissions-Policy header
• Missing Cross-Origin-Resource-Policy header
• Duplicate Headers
• Unusually Long Headers
• Improper HSTS Configuration (Missing max-age or preload)
• JWT Token in Authorization Header
• Overly Permissive Content-Security-Policy
• Weak Cross-Origin Resource Sharing (CORS) Policy
• Server Software (Apache or Nginx) Detection
• Overly Permissive Permissions-Policy
• Improper Expect-CT Header Configuration
• Clear-Site-Data Header Misuse
• Weak X-Permitted-Cross-Domain-Policies
• Misconfigured X-XSS-Protection Header
• Misconfigured X-Content-Type-Options Header
• Weak Referrer-Policy Header
• Misconfigured X-Frame-Options Header
• Misconfigured Cache-Control Header
• Insecure Cookies (Missing HttpOnly or Secure flags)

Server Backup File Finder

• Backup File Scanning Method: The script scans for backup files using the {dirname}.{ext} method. It generates potential backup file URLs by appending common backup file extensions to existing directory paths.
• URL Generation: For each directory URL, the script creates backup URLs by appending each of the backup extensions to the directory paths. For example, if a directory URL is https://example.com/backup/, the script will generate URLs like https://example.com/backup.zip, https://example.com/backup.tar.gz, and so on.
• Testing Generated URLs: The script sends a HEAD request to each generated backup URL to check for the existence of the backup file. If a valid response (e.g., 200 OK) is received, the file is marked as "found". If a 403 Forbidden status is returned, the backup file is considered "forbidden".

Directory and File Enumeration

• Directory and File Enumeration: Scans for exposed or sensitive directories and files that may not be intended for public access. It can lead to information leakage or unauthorized access to private files or configurations.

JavaScript Vulnerability Scanner

• JavaScript Vulnerability Scanner: Scans JavaScript files on a website for known vulnerabilities by checking their versions against a database of vulnerable libraries. It crawls the site, extracts JavaScript URLs, and checks each for vulnerable versions of libraries.

Vulnerability Scanned In Profile High

Waymap supports GET methods for Scanning.
Waymap identifies common vulnerabilities and generates reports in formats.

General features:

• Customizable Threading settings for task execution
• Supports No Interaction Scanning
• Supports Latest Version Checking

Download

>> Download Waymap here <<

Usage

░██╗░░░░░░░██╗░█████╗░██╗░░░██╗███╗░░░███╗░█████╗░██████╗░
░██║░░██╗░░██║██╔══██╗╚██╗░██╔╝████╗░████║██╔══██╗██╔══██╗
░╚██╗████╗██╔╝███████║░╚████╔╝░██╔████╔██║███████║██████╔╝
░░████╔═████║░██╔══██║░░╚██╔╝░░██║╚██╔╝██║██╔══██║██╔═══╝░
░░╚██╔╝░╚██╔╝░██║░░██║░░░██║░░░██║░╚═╝░██║██║░░██║██║░░░░░
░░░╚═╝░░░╚═╝░░╚═╝░░╚═╝░░░╚═╝░░░╚═╝░░░░░╚═╝╚═╝░░╚═╝╚═╝░░░░░  Fastest And Optimised Web Vulnerability Scanner  v6.1.8
    
Waymap Version: 6.1.8
Made by Trix Cyrus
Copyright © 2024 Trixsec Org
usage: waymap.py [-h] [--target TARGET] [--multi-target MULTI_TARGET] [--crawl CRAWL]
                 [--scan {sqli,cmdi,ssti,xss,lfi,open-redirect,crlf,cors,all,high-risk,critical-risk}] [--threads THREADS]
                 [--no-prompt] [--profile {high-risk,deepscan,critical-risk}] [--check-waf CHECK_WAF]

Waymap - Fast and Optimized Web Vulnerability Scanner

options:
  -h, --help            show this help message and exit
  --target TARGET, -t TARGET
                        Target URL for crawling and scanning, example: https://example.com/
  --multi-target MULTI_TARGET, -mt MULTI_TARGET
                        File with multiple target URLs for crawling and scanning
  --crawl CRAWL, -c CRAWL
                        Crawl depth
  --scan/-s {sqli,cmdi,ssti,xss,lfi,open-redirect,crlf,cors,all},
                        Type of scan to perform
  --threads THREADS, -T THREADS
                        Number of threads to use for scanning (default: 1)
  --no-prompt, -np      Automatically use default input for prompts
  --profile/-p {high-risk,deepscan,critical-risk}
                        Specify the profile: 'high-risk', 'deepscan' or 'critical-risk'. This skips crawling.
  --check-waf CHECK_WAF, --waf CHECK_WAF
                        To Detect WAF/IPS Of Any Website

For more detailed usage information, visit the README file.

Get in Touch

If you have questions or feedback, feel free to reach out on GitHub or join our Waymap repository.